Skip to content

Latest commit

 

History

History
140 lines (112 loc) · 5.07 KB

README.md

File metadata and controls

140 lines (112 loc) · 5.07 KB
Raw

Run Pre-Commit

Amazon SSO Permission set

This module create identity groups and attachment policies inlines/managed and associated this groups with the accounts

Requirements

Name Version
terraform >= 1.0
aws >= 4.50.0

Providers

Name Version
aws >= 4.50.0

Modules

No modules.

Resources

Name Type
aws_identitystore_group.identitystore_group resource
aws_ssoadmin_account_assignment.account_assignment resource
aws_ssoadmin_managed_policy_attachment.sso_policy_attachment resource
aws_ssoadmin_permission_set.sso_permission_set resource
aws_ssoadmin_permission_set_inline_policy.sso_inline_policy resource
aws_identitystore_group.identitystore_group data source
aws_ssoadmin_instances.sso data source

Inputs

Name Description Type Default Required
description Permissions set group description string "" no
description_identity (Optional) A string containing the description of the group. string "" no
display_name (Optional) A string containing the name of the group. This value is commonly displayed when the group is referenced string "" no
group_name Group name string "" no
inline_policy Inline policies JSON to attach to SSO Permissions Set string "" no
policy_attachment ARN of the policy attachment list(string) [] no
session_duration The length of time that the application user sessions are valid in the ISO-8601 standard. Default: PT1H string "PT2H" no
tags A map of tags to add to all resources. map(string) {} no
target_id (Required, Forces new resource) An AWS account identifier, typically a 10-12 digit string. string n/a yes

Outputs

Name Description
group_id Group ID

Examples

Terraform

main.tf

data "aws_iam_policy_document" "example" {
  statement {
    sid = "1"

    actions = [
      "s3:ListAllMyBuckets",
      "s3:GetBucketLocation",
    ]

    resources = [
      "arn:aws:s3:::*",
    ]
  }
}

module "sso" {
  source = "git@github.com:andresb39/terraform-aws-sso-permissions-set.git?ref=v0.0.1"
  group_name           = "Mytest"
  description          = "My test Team"
  inline_policy        = data.aws_iam_policy_document.example.json
  display_name         = "Mytest"
  description_identity = "Mytest"
  target_id            = ["11111111111"]
  tags = {
    "Environment": "Test Environment"
    }
  }

Terragrum

terragrum.hcl

include {
  path = find_in_parent_folders()
}

terraform {
  source = "git@github.com:andresb39/terraform-aws-sso-permissions-set.git?ref=v0.0.1"
}

locals {
  policy   = jsondecode(file("policy.json"))

}

inputs = {
  group_name           = "Mytest"
  description          = "My test Team"
  inline_policy        = local.policy
  display_name         = "Mytest"
  description_identity = "Mytest"
  target_id            = ["11111111111"]
  tags = {
    "Environment": "Test Environment"
    }
}

policy.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "*"
    }
  ]
}